Password Decryption For Property

[Access_Denied]

Hi guys, I'm new to Spring (like 2 days new) and I'm working on a project for work and could use a little help. I'll try to explain it the best I can. Here's a Spring bean that I have:

Code:

	<bean id="sybaseSQADataSource" class=" com.sybase.jdbc4.jdbc.SybDataSource" >
		<property name="networkProtocol" value="Tds" />
		<property name="serverName" value="localhost" />
		<property name="portNumber" value="2635" />
		<property name="user" value="username" />
		<property name="password" value="password" />
	</bean>

As you can see, the password is stored in plain text in the .xml file. We're not huge fans of this. I know of several ways to work around that, but most are limited because the class for the bean (com.sybase...) isn't editable by us. So what we really want is a way to store an encrypted password in plain text in the password property, then have one of our custom classes decrypt it before connecting to the database.

I actually came close to a solution, which I found here. The problem is that, again, I can't modify that class, so I can't change the password field from being a string to being a custom field that has to be decrypted. One way around that would be to create a PropertyEditor for the String class which would scan all Strings and decrypt the ones that need it. But I don't know if that can be done.

Basically I need to store an encrypted (our own encryption method) password in the XML file and have it decrypted before the connection. Is this at all possible, or is it a lost cause?

Thanks in advance for your help.

P.S. - I hope this is in the right section. :/

EDIT: Should probably say that I'm using Spring 3.1 and Java 7.

[user585858]

I second your question, this is quite common requirement and I am also looking for a solution here.

[Marten Deinum]

You shouldn't store your password in the xml file you should externalize it and protect the file the password is in. Use a PropertyPlaceHolderConfigurer to replace the values, there are also solutions on the forum which have a customized PropertyPlaceHolderConfigurer which does decryption of password.

However storing an encrypted password isn't really strong it is only a delaying barrier as it has to be possible to decrypt the password, the only real secure way would be to store a hash (or hashed hash) but that isn't decryptable.

In short I suggest a search of the forums as this question has been answered before.

Google will lead you to jasypt which already has that support right out of the box.

[Access_Denied]

Jasypt look very nice, but as far as I can tell, it doesn't allow you to use your own encryption algorithm. I'll probably end up using it anyway, but just to humor me, is there a way to accomplish what I originally asked?

Also, we realize encryption isn't guaranteed security, but it's better than storing it in plain text.

[Marten Deinum]

As mentioned use a customized PropertyPlaceHolderConfigurer which does the decryption. As I also mentioned use the search as there are several posts/threads about this.

Jasypt look very nice, but as far as I can tell, it doesn't allow you to use your own encryption algorithm. I'll probably end up using it anyway, but just to humor me, is there a way to accomplish what I originally asked?

I suggest you look again, you can hook up an encryption mechanism but in general inventing your own mechanism is a bad idea there are several out there which are probably better then what either of us comes up with.